Method for Acquiring Identifier of Terminal in Network, Management Network Element and Storage Medium

ABSTRACT

The embodiment of the present invention discloses a method for acquiring an identifier of a terminal in a network. The method includes: acquiring a device identifier of a current terminal which is registered in a network, herein the current terminal is a mobile user; and allocating a corresponding network identifier to the current terminal according to the device identifier of the current terminal such that the current terminal transmits data in the network by using the allocated network identifier, herein, the network identifier is a fixed public network Internet Protocol IP address or a fixed public network IP address and port number segment, allocated to the current terminal. The present invention further discloses a management network element and a computer storage medium.

TECHNICAL FIELD

The present disclosure relates to an allocation technology of terminalidentifiers, in particular to a method for acquiring an identifier of aterminal in a network, a management network element and a computerstorage medium.

BACKGROUND

From moving states, terminals may be divided into two types. One typerefers to terminals at fixed positions, such as home terminals; and theother type refers to terminals in a moving state, e.g., mobile terminalswhich are easily carried, such as mobile phones, Personal DigitalAssistants PDAs and so on. Herein, when a home terminal accesses theInternet, an effective Internet Protocol IP address needs to be appliedfrom the Internet. The IP address has dual identities, and it not onlyrepresents the identity of the home terminal, but also represents anetwork topology location of the home terminal. In other words, for aterminal at a fixed position, the IP address applied from the Internetcan identify the dual identities of the terminal.

For a mobile terminal (a mobile user), by taking a mobile terminal A asan example, when the mobile terminal A moves from a control area of oneaccess gateway to a control area of another access gateway, i.e., fromone network topology location to another network topology location, themobile terminal A needs to acquire a corresponding IP address in each ofdifferent control areas, and thus can successfully access the network.

In consideration of the shortage in IP address resources, operatorschange the mode of allocating IP addresses to mobile users. Further, theoriginal mode that public network IP addresses are directly allocated tothe mobile users is changed to a mode that firstly private network IPaddresses are allocated to the mobile users and then the private networkIP addresses are translated into the public network IP addresses througha pre-deployed operation-level Network Address Translation NAT device tosave the IP address resources when the mobile users accesses theInternet.

However, since a mobile user is usually in a moving state and may beaccessed the network through different access devices or differentoperation-level NAT devices, consequently, when the mobile terminal isaccessed the Internet, private network IP addresses allocated theretoand translated public network IP addresses are different. This causesthe following problems to operators and service providers:

for the operators, each mobile terminal in the network is accessed thenetwork by using different IP addresses, such that the search forillegal operation terminals cannot be realized, i.e., the tracing to theterminal cannot be realized, and further the network security cannot beguaranteed. For the service providers, since network access addresses ofthe same mobile terminal change ceaselessly, effective tracking andservice access analysis cannot be performed on the mobile terminal, andfurther better service cannot be provided for the mobile terminal.

SUMMARY

In order to solve the technical problems existing the related art, theembodiments of the present disclosure provide a method for acquiring anidentifier of a terminal in a network, a management network element anda computer storage medium, such that the fixed identity of each mobileuser can be identified in the network to satisfy the demands ofoperators in aspects such as tracing and security and so on.

The technical solutions of the embodiments of the present disclosure areimplemented as follows:

the embodiment of the present disclosure provides a method for acquiringan identifier of a terminal in a network, including:

acquiring a device identifier of a current terminal which is registeredin a network, herein the current terminal is a mobile user; and

allocating a corresponding network identifier to the current terminalaccording to the device identifier of the current terminal such that thecurrent terminal transmits data in the network by using the allocatednetwork identifier;

herein, the network identifier is a fixed public network InternetProtocol IP address or a fixed public network IP address and port numbersegment allocated to the current terminal.

In the solution, the step of allocating a corresponding networkidentifier to the current terminal according to the device identifier ofthe current terminal includes: search to determine whether there is thepublic network IP address or the public network IP address and the portnumber segment corresponding to the device identifier of the currentterminal in a preconfigured first mapping table;

allocating the searched public network IP address or public network IPaddress and port number segment to the current terminal when the publicnetwork IP address or the public network IP address and the port numbersegment is searched for; and selecting an idle public network IPaddress, or an idle public network IP address and an idle port numbersegment, or a non-idle public network IP address and an idle port numbersegment as a fixed network identifier of the current terminal toallocate the fixed network identifier to the current terminal when thepublic network IP address or the public network IP address and portnumber segment is not searched for; herein, the first mapping tablerecords a corresponding relation between terminal device identifiers andnetwork identifiers.

In the solution, the method further includes:

acquiring identifier information of a node to which the current terminalbelongs, and adding the node identifier information to the first mappingtable; or, acquiring a private network IP address allocated to thecurrent terminal by an access device which the current terminal isaccessed and the identifier information of the node to which the currentterminal belongs, and adding the private network IP address and the nodeidentifier information to the first mapping table.

In the solution, after adding the node identifier information to thefirst mapping table or adding the private network IP address and thenode identifier information to the first mapping table, the methodfurther includes:

when learning about that the current terminal left the network, deletingthe node identifier information, or the private network IP address andthe node identifier information corresponding to an identifier of thecurrent terminal in the first mapping table;

when learning about that a handover from the access device to a newaccess device was performed on the current terminal and the two accessdevices belong to a same node, acquiring a new private network IPaddress allocated to the current terminal by the new access device, andupdating the private network IP address of the current terminal in thefirst mapping table to be the new private network IP address; and

when learning about that a handover from the access device to a newaccess device was performed on the current terminal and the two accessdevices do not belong to a same node, acquiring a new private network IPaddress allocated to the current terminal by the new access device,acquiring node identifier information of a new node to which the currentterminal belongs; and updating the private network IP address of thecurrent terminal in the first mapping table to be the new privatenetwork IP address, and updating the node identifier information of thecurrent terminal in the first mapping table to be the new nodeidentifier information.

In the solution, the method further includes:

when receiving a tracing address search request which carries ato-be-traced IP address, searching for a private network IP address orthe private network IP address and a node identifier of a terminalcorresponding to the to-be-traced IP address in the first mapping table,and using the private network IP address or the private network IPaddress and the node identifier information as a response message of thetracing address search request, and transmitting the response message;

or, when receiving the tracing address search request which carries theto-be-traced IP address, searching for a terminal device identifiercorresponding to the to-be-traced IP address in the first mapping table;and then searching for a terminal user account corresponding to theterminal device identifier in pre-synchronized terminal authenticationinformation, using the terminal user account information as the responsemessage of the tracing address search request, and transmitting theresponse message, herein, the to-be-traced IP address is a publicnetwork IP address or a public network IP address and a port number.

In the solution, the method further includes: a management networkelement transmitting the network identifier allocated to the currentterminal to the node to which the current terminal belongs such that thenode forms a second mapping table, herein the second mapping tablerecords a corresponding relation among the device identifier, thenetwork identifier and the private network IP address of the currentterminal; and

correspondingly, the current terminal transmitting data in the networkby using the allocated network identifier includes: when the nodeacquires first data from the current terminal, acquiring the privatenetwork IP address of the current terminal, and searching for thenetwork identifier corresponding to the private network IP address inthe second mapping table;

when the node learns about identifier information of a node used forreceiving the first data, determining the node used for receiving thefirst data;

when the node does not learn about the identifier information of thenode used for receiving the first data, transmitting a query request tothe management network element, and the management network elementreceiving the query request, searching for an identifier of a node towhich a terminal corresponding to a destination address of the firstdata belongs in the first mapping table, and transmitting the searchednode identifier; and the node receiving the node identifier searched forby the management network element, and determining a node with the nodeidentifier as the node used for receiving the first data; and

the node transmitting the first data to the determined node used forreceiving the first data through a data tunnel by using the networkidentifier searched for by the node.

The embodiment of the present disclosure further provides a managementnetwork element, including:

a first acquisition unit arranged to acquire a device identifier of acurrent terminal which is registered in a network, herein the currentterminal is a mobile user; and

a first allocation unit arranged to allocate a corresponding networkidentifier to the current terminal according to the device identifier ofthe current terminal such that the current terminal transmits data inthe network by using the allocated network identifier;

herein, the network identifier is a fixed public network InternetProtocol IP address or a fixed public network IP address and port numbersegment, allocated to the current terminal.

In the solution, the first allocation unit is further arranged to:

search to determine whether there is the public network IP address orthe public network IP address and the port number segment correspondingto the device identifier of the current terminal in a preconfiguredfirst mapping table; when the public network IP address or the publicnetwork IP address and the port number segment is searched for, allocatethe searched public network IP address or public network IP address andport number segment to the current terminal; and when the public networkIP address or the public network IP address and the port number segmentis not searched for, select an idle public network IP address, or anidle public network IP address and an idle port number segment, or anon-idle public network IP address and an idle port number segment as afixed network identifier of the current terminal to allocate to thecurrent terminal, herein, the first mapping table records acorresponding relation between terminal device identifiers and networkidentifiers.

In the solution, the first acquisition unit is further arranged to:acquire identifier information of a node to which the current terminalbelongs, and add the node identifier information to the first mappingtable; or, acquire a private network IP address allocated to the currentterminal by an access device which the current terminal is accessed andthe identifier information of the node to which the current terminalbelongs, and add the private network IP address and the node identifierinformation to the first mapping table.

In the solution, the management network element further includes:

a first deletion unit arranged to, when learning about that the currentterminal left the network, delete the node identifier information, orthe private network IP address and the node identifier informationcorresponding to an identifier of the current terminal in the firstmapping table;

a first updating unit arranged to, when learning about that a handoverfrom the access device to a new access device was performed on thecurrent terminal and the two access devices belong to a same node,acquire a new private network IP address allocated to the currentterminal by the new access device, and update the private network IPaddress of the current terminal in the first mapping table to be the newprivate network IP address; and

a second updating unit arranged to, when learning about that a handoverfrom the access device to a new access device was performed on thecurrent terminal and the two access devices do not belong to a samenode, acquire the new private network IP address allocated to thecurrent terminal by the new access device, acquire node identifierinformation of a new node to which the current terminal belongs, updatethe private network IP address of the current terminal in the firstmapping table to be the new private network IP address, and update thenode identifier information of the current terminal in the first mappingtable to be the new node identifier information.

In the technical solution, the management network element furtherincludes:

a first receiving unit arranged to receive a tracing address searchrequest which carries a to-be-traced IP address;

a first searching unit arranged to search for a private network IPaddress or the private network IP address and a node identifier of aterminal corresponding to the to-be-traced IP address; and

a first transmission unit arranged to use the private network IP addressor the private network IP address and the node identifier information asa response message of the tracing address search request, and transmitthe response message;

or, the first receiving unit arranged to receive the tracing addresssearch request which carries the to-be-traced IP address;

the first searching unit arranged to search for a terminal deviceidentifier corresponding to the to-be-traced IP address in the firstmapping table, and then search for a terminal user account correspondingto the terminal device identifier in pre-synchronized terminalauthentication information; and

the first transmission unit arranged to use the terminal user accountinformation as the response message of the tracing address searchrequest, and transmit the response message, herein the to-be-traced IPaddress is a public network IP address or a public network IP addressand a port number.

In the solution, the management network element further includes:

a second receiving unit arranged to receive a query request, herein thequery request is transmitted by the node when the node does not learnabout identifier information of a node used for receiving first datawhen the current terminal transmits the first data;

a second searching unit arranged to search for an identifier of the nodeto which a terminal corresponding to a destination address of the firstdata belongs in the first mapping table; and

a second transmission unit arranged to transmit the node identifierinformation.

The embodiment of the present disclosure further provides a computerstorage medium storing computer-executable instructions therein, hereinthe computer-executable instructions are used for executing theabovementioned method for acquiring the identifier of the terminal inthe network.

According to the method for acquiring the identifier of the terminal inthe network, the management network element and the storage mediumprovided by the embodiments of the present disclosure, the methodincludes: acquiring the device identifier of the current terminal whichis registered in the network; and allocating the corresponding networkidentifier to the current terminal according to the device identifier ofthe current terminal such that the current terminal transmits data inthe network by using the allocated network identifier. Herein, thenetwork identifier is a fixed public network IP address or a fixedpublic network IP address and port number segment, allocated to thecurrent terminal, and the fixed identity of each mobile user can beidentified in the network to satisfy the demands of operators in aspectssuch as tracing and security and so on.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 illustrates a flowchart of a method for acquiring an identifierof a terminal in a network provided by an embodiment of the presentdisclosure.

FIG. 2 illustrates a schematic diagram of a first application scenarioprovided by an embodiment of the present disclosure.

FIG. 3 illustrates a schematic diagram of a specific embodiment of amethod for acquiring an identifier of a terminal in a network providedby the present disclosure.

FIG. 4 illustrates a schematic diagram of implementation of a managementnetwork element provided by an embodiment of the present disclosure whenthe management network element learns about that a terminal left anetwork.

FIG. 5 illustrates a schematic diagram of implementation of a managementnetwork element provided by an embodiment of the present disclosure whenthe management network element learns about that a handover takes placeat an access device of a terminal.

FIG. 6 illustrates a schematic diagram of a second application scenarioprovided by an embodiment of the present disclosure.

FIG. 7 illustrates a schematic diagram that a terminal transmits a datapacket in a network by using an allocated network identifier provided byan embodiment of the present disclosure.

FIG. 8 illustrates a schematic diagram of a first embodiment ofimplementing tracing provided by the present disclosure.

FIG. 9 illustrates a schematic diagram of a second embodiment ofimplementing tracing provided by the present disclosure.

FIG. 10 illustrates a schematic diagram of the composition of amanagement network element provided by an embodiment of the presentdisclosure.

SPECIFIC EMBODIMENTS

The alternative embodiments of the present disclosure will be describedbelow in detail in combination with the drawings. It shall be understoodthat the alternative embodiments described below are just used fordescribing and explaining the present disclosure instead of limiting thepresent disclosure.

The technical solution of the embodiment of the present disclosure isapplied to a mobile user terminal, and is particularly applied to asituation that an operator has already allocated a private network IPaddress to the terminal (mobile user). When the terminal accesses theInternet, a device identifier of the terminal is acquired, and acorresponding public network IP address or a public network IP addressand port number segment is allocated to the terminal according to thedevice identifier of the terminal and is used as an identity identifierof the terminal in the Internet. Herein, since each terminal has aunique device identifier corresponding thereto, and at the same time thedevice identifier uniquely corresponds to the public network IP address,i.e., the identity identifier of the terminal in the Internet isrelatively fixed, compared with the related art in which the publicnetwork IP addresses allocated to the terminal frequently change withthe movement of the terminal, the terminal has a relatively fixedidentifier in the Internet. Therefore, the search for illegal terminalsand the realization of security control of users by the operators aremore greatly facilitated, and the demands of the operators in aspectssuch as tracing and security are satisfied.

A method for allocating a network identifier to a terminal provided byan embodiment of the present disclosure is applied to a managementnetwork element. FIG. 1 illustrates a flowchart of a method foracquiring an identifier of a terminal in a network provided by theembodiment of the present disclosure. As illustrated in FIG. 1, themethod includes the following steps.

In step 101, a device identifier of a current terminal which isregistered in a network is acquired, herein the current terminal is amobile user.

Here, the network may be the Internet. The terminal includes a portableterminal such as a mobile phone or a Personal Digital Assistant PDA orthe like. Alternatively, when the terminal is the mobile phone, thedevice identifier of the terminal is an International Mobile SubscriberIdentification Number IMSI of the mobile phone. When the terminal is thePAD, the device identifier of the terminal is a Media Access Control MACaddress of the PAD.

In this step, the device identifier of the terminal in the network isacquired by the management network element. FIG. 2 illustrates aschematic diagram of a first application scenario provided by anembodiment of the present disclosure. In FIG. 2, the involvedcommunication devices include the terminal, an access device which theterminal is accessed, a node to which the access device (the terminal)belongs, and a management network element for allocating a networkidentifier to the terminal. The involved communication devices mayfurther include: an opposite terminal in communication with the terminaland an opposite node to which the opposite terminal belongs. At a locallocation of the terminal the terminal is accessed the network throughthe access device, and the access device acquires the device identifierof the terminal, such as mobile phone IMSI information. The accessdevice transmits the acquired device identifier of the mobile terminalto the management network element, and the management network elementacquires the device identifier of the mobile terminal by receiving thedevice identifier.

In step 102, a corresponding network identifier is allocated to thecurrent terminal according to the device identifier of the currentterminal such that the current terminal transmits data in the network byusing the allocated network identifier. Herein, the network identifieris a fixed public network Internet Protocol IP address or a publicnetwork IP address and port number segment, allocated to the currentterminal.

In this step, the operation is implemented by the management networkelement. In a preconfigured first mapping table, the management networkelement uses the device identifier of the current terminal as an indexto search to determine whether there is a network identifiercorresponding to the device identifier of the current terminal. When thenetwork identifier is searched for, the searched network identifier isallocated to the current terminal such that the current terminaltransmits a data packet in the Internet by using the allocated networkidentifier. Herein, the first mapping table records a correspondingrelation between device identifiers of terminals which are previouslyaccessed the network and public network IP addresses thereof, or thefirst mapping table records a corresponding relation between deviceidentifiers of terminals which are previously accessed the network andpublic network IP addresses and port number segments thereof. Each itemof content in the first mapping table may be a table entry. The networkidentifier may be the public network IP address only, and may also be acombination of the public network IP address and the port numbersegment.

When the network identifier is not searched for, the current mobileterminal is determined to be a terminal which is newly registered in thenetwork, and an idle public network IP address, or an idle publicnetwork IP address and an idle port number segment, or a non-idle publicnetwork IP address and an idle port number segment is selected as anetwork identifier of the newly registered terminal to allocate to thenewly registered terminal such that the current terminal transmits thedata packet in the Internet by using the allocated network identifier.

Accordingly, it can be seen that, in this solution, in the Internet acorresponding network identifier, such as the public network IP addressor the public network IP address and port number segment or the like, isallocated to each of terminals with different device identifiers, andthe corresponding network identifier identifies the identity of theterminal in the network. At the same time, since the allocated networkidentifier is fixed and the device identifier of the terminal is alsofixed, the terminal can be very easily searched for in the Internetaccording to the fixed network identifier allocated to the terminal, andthe demands of the operators in aspects such as tracing and security andso on are satisfied.

After the network identifier is allocated to the newly registeredterminal, the management network element records the device identifierof the newly registered terminal and the network identifier thereof inthe first mapping table.

In this solution, the process of allocating the network identifier tothe terminal which is previously accessed the network is similar to theabovementioned process of allocating the network identifier to the newlyregistered terminal, and thus the process of allocating the networkidentifier to the terminal which is previously accessed the network isnot repetitively described here.

It needs to be stated that the following principles need to be followedwhen the management network element configures the corresponding networkidentifier for the terminal.

The public network IP address and the range of port number segmentconfigured for the mobile terminal need to satisfy regulated protocolsin Transmission Control Protocol TCP/IP protocol cluster.

A unique public network IP address is arranged to each mobile terminalregistered in the network; and/or a same public network IP address isarranged to at least two mobile terminals in the network. When the samepublic network IP address is arranged to the at least two mobileterminals, different port number segments are arranged to the at leasttwo mobile terminals.

In this solution, after the management network element allocates thenetwork identifier to the current terminal, the method further includesthe following steps.

The management network element acquires identifier information of a nodeto which the current terminal belongs, and adds the node identifierinformation to the first mapping table; or, acquires a private networkIP address allocated to the current terminal by an access device whichthe current terminal is accessed and identifier information of a node towhich the current terminal belongs, and adds the node identifierinformation and the private network IP address to the first mappingtable.

After the management network element adds the node identifierinformation to the first mapping table or adds the private network IPaddress and the node identifier information to the first mapping table,the method further includes the following steps.

When the management network element learns about that the currentterminal left the network, the management network element deletes thenode identifier information, or the private network IP address and thenode identifier information corresponding to the identifier of thecurrent terminal in the first mapping table. Refer to subsequent FIG. 4and description of FIG. 4 for details here.

When the management network element learns about that a handover fromthe access device to a new access device was performed on the currentterminal and the two access devices belong to the same node, themanagement network element acquires a new private network IP addressallocated to the current terminal by the new access device, and updatesthe private network IP address of the current terminal in the firstmapping table to be the new private network IP address. Refer tosubsequent FIG. 5 and description of FIG. 5 for details here.

When the management network element learns about that a handover fromthe access device to a new access device was performed on the currentterminal and the two access devices do not belong to the same node, themanagement network element acquires a new private network IP addressallocated to the current terminal by the new access device, acquiresnode identifier information of a new node to which the current terminalbelongs; and updates the private network IP address of the currentterminal in the first mapping table to be the new private network IPaddress, and updates the node identifier information of the currentterminal in the first mapping table to be the new node identifierinformation. Refer to subsequent description for details here.

After the management network element adds the private network IP addressor the private network IP address and the node identifier information tothe first mapping table, when tracing is implemented, the method furtherincludes the following steps.

When the management network element receives a tracing address searchrequest which carries a to-be-traced IP address, the management networkelement searches for a private network IP address or the private networkIP address and a node identifier of a terminal corresponding to theto-be-traced IP address in the first mapping table, and uses the privatenetwork IP address or the private network IP address and the nodeidentifier information as a response message of the tracing addresssearch request, and transmits the response message. Herein, theto-be-traced IP address is a public network IP address or a publicnetwork IP address and a port number. Refer to subsequent FIG. 8 anddescription of FIG. 8 for details here.

Or, when the management network element receives a tracing addresssearch request which carries a to-be-traced IP address when the tracingis implemented, the management network element searches for a terminaldevice identifier corresponding to the to-be-traced IP address in thefirst mapping table. The management network element searches for aterminal user account corresponding to the terminal device identifier inpre-synchronized terminal authentication data, and uses the terminaluser account information as a response message of the tracing addresssearch request, and transmits the response message. Herein, theto-be-traced IP address is a public network IP address or a publicnetwork IP address and a port number. Refer to subsequent FIG. 9 anddescription of FIG. 9 for details here.

After the management network element allocates the network identifier tothe current terminal, the management network element transmits thenetwork identifier allocated to the current terminal to the node towhich the current terminal belongs such that the node forms a secondmapping table. Herein, the second mapping table records a correspondingrelation among the device identifier of the current terminal, thenetwork identifier and the private network IP address of the currentterminal. Correspondingly, the current terminal transmitting data in thenetwork by using the allocated network identifier includes the followingsteps. When the node acquires first data from the current terminal, theprivate network IP address of the current terminal is acquired, and thenetwork identifier corresponding to the private network IP address issearched for in the second mapping table. When the node learns aboutidentifier information of a node used for receiving the first data, thenode used for receiving the first data is determined. When the node doesnot learn about the identifier information of the node used forreceiving the first data, a query request is transmitted to themanagement network element, and the management network element receivesthe query request, searches for a node identifier of the node to which aterminal corresponding to a destination address of the first databelongs in the first mapping table, and transmits the searched nodeidentifier. The node receives the node identifier searched for by themanagement network element, and determines the node with the nodeidentifier as the node used for receiving the first data. The nodetransmits the first data to the node used for receiving the first datathrough a data tunnel by using the network identifier searched for bythe node. Refer to subsequent FIG. 6 and FIG. 7 and description of FIG.6 and FIG. 7 for details here.

This solution will be further described through the various embodimentsand the corresponding drawings below.

FIG. 3 illustrates a flowchart of a specific embodiment of a method foracquiring an identifier of a terminal in a network provided by anembodiment of the present disclosure. As shown in FIG. 3, the methodincludes the following steps.

In step 301, a mobile phone initiates an access request to an accessdevice.

In step 302, the access device initiates an authentication request to anauthentication server.

In step 303, the authentication server performs identity authenticationon the mobile phone and grants corresponding authorities to the mobilephone after the authentication passes; and the authentication serverreturns a response message of the authentication request to notify theaccess device about that the mobile phone has already passed theauthentication.

In step 304, the access device allocates a private network IP address tothe mobile terminal.

Refer to the existing relevant description for specific implementationprocesses of the steps 301-304.

In step 305, the access device extracts IMSI information of the mobilephone, and uses the IMSI information and the private network IP addressallocated to a user as terminal information and transmits the terminalinformation to a node.

Here, the terminal information such as the IMSI and the private networkIP address of the mobile phone and so on may be transmitted throughoperator-defined signaling interfaces in self-defined message forms, andmay also be transmitted by means of Remote Authentication Dial In UserService RADIUS charging messages. When the terminal information istransmitted by means of the RADIUS charging messages, the signalinginterfaces need to satisfy the requirements of RADIUS standardprotocols.

In step 306, after the node receives the terminal information such asthe IMSI and the private network IP address of the mobile phone and soon transmitted by the access device, the node transmits an addressrequest message to a management network element.

Here, the address request message carries the terminal information suchas the IMSI and the private network IP address of the mobile phone andso on.

In step 307, after the management network element receives the addressrequest message, the management network element uses the IMSIinformation of the mobile phone as an index to search to determinewhether a network identifier corresponding to the IMSI information ofthe mobile phone in a configured first mapping table. When the networkidentifier is searched for, the management network element allocates thesearched network identifier to the mobile phone. Alternatively, when thenetwork identifier is searched for, the management network element mayadd information such as the private network IP address and the nodeidentifier of the node to which the mobile phone belongs and so on tothe first mapping table.

When the network identifier is not searched for, the mobile phone isdetermined to be a mobile phone which is newly registered in thenetwork, and a public network IP address in an idle state, or an idlepublic network IP address and an idle port number segment, or a non-idlepublic network IP address and an idle port number segment at current isselected as a network identifier of the mobile phone to allocate to themobile phone. The IMSI of the mobile phone, the network identifier, theidentifier of the node to which the mobile phone belongs and the privatenetwork IP address are considered as a corresponding relation to beadded to the first mapping table.

The first mapping table may be specifically a static mapping table andis configured through a static mapping method. A first mapping tableshown in Table 1 is only used as an alternative embodiment of the firstmapping table of the present disclosure, and does not cover all firstmapping tables of the present disclosure. For example, the first mappingtable of the embodiment of the present disclosure may further includethree table entries, i.e., terminal device identifier, networkidentifier and node identifier.

TABLE 1 Terminal device Network Private network Node identifieridentifier IP address identifier

In step 308, the management network element returns an address responsemessage to the node.

Here, the address response message carries the network identifier suchas the public network IP address or the public network IP address andthe port number segment allocated by the management network element tothe mobile phone.

In step 309, the node receives the network identifier of the mobilephone transmitted by the management network element, and recordsinformation such as the IMSI information, the private network IPaddress, the network identifier and the like of the mobile phone in asecond mapping table.

In step 310, the node returns an acknowledgment ACK message to theaccess device to notify the access device that the management networkelement has already allocated the network identifier to the mobilephone.

In the solution, when the interaction is performed between themanagement network element and the node, the interacted information istransmitted through operator-defined signaling interfaces.

Accordingly, it can be seen that, in this solution, in the Internet, acorresponding network identifier, such as a public network IP address ora public network IP address and a port number segment or the like, isallocated to each of terminals with different device identifiers, andthe identity of the terminal in the network is identified. At the sametime, since the allocated network identifier is fixed and the deviceidentifier of the terminal is also fixed, and the terminal can be veryeasily searched for in the Internet according to the fixed networkidentifier allocated to the terminal, and the demands of the operatorsin aspects such as tracing and security and so on are satisfied.

FIG. 4 illustrates a schematic diagram of implementation of a managementnetwork element provided by the embodiment of the present disclosurewhen the management network element learns about that a terminal left anetwork. FIG. 4 illustrates an application situation that, after amanagement network element allocates a corresponding network identifierto a terminal, the terminal will leave the network.

In step 401, when an access device judges that a mobile phone leaves anetwork, the access device transmits indication information that themobile phone will leave to a node.

Here, the situations that the mobile phone is offline and/or thelocation of the mobile phone changes are viewed as that the mobile phoneleaves the network. The indication information carries terminalinformation such as IMSI and a private network IP address of the mobilephone which will leave.

In step 402, a node receives the indication information of the accessdevice and starts a timer of the node.

Within a timed period of the timer, if an online message of the mobilephone is not received, the mobile phone leaving the network is finallydetermined; and after the end of the timed period of the timer, thetable entry of private network IP address of the mobile phone in thesecond mapping table is deleted.

In step 403, the node transmits a notification message to a managementnetwork element to notify the management network element that theterminal has already left the network.

Here, the notification message carries the IMSI and the private networkIP address of the mobile phone which has left the network.

In step 404, after the management network element receives thenotification message, the management network element searches for atable entry corresponding to the IMSI information of the mobile phone inthe first mapping table, and deletes the node identifier information towhich the mobile phone belongs and deletes the private network IPaddress of the mobile phone.

In step 405, the management network element transmits an ACK message tothe node to notify the node that the corresponding table entry of themobile phone in the first mapping table has already been deleted.

In step 406, the node transmits an ACK message aiming at the indicationinformation to the access device to notify the access device that themobile phone has already left the network in deed.

In the solution, when the management network element learns about that aterminal left, the table entries such as private network IP address andnode identifier information of the terminal in the first mapping tableneed to be deleted, but the public network IP address or the publicnetwork IP address and the port number segment allocated to the terminalis still reserved, and the reserved content is used as a fixed identityidentifier of the terminal in the network, which facilitates thesubsequent access of the terminal and also provides a powerful basis foran operator to realize tracing and network security.

In the abovementioned solution, when the interaction between the accessdevice and the node and the interaction between the management networkelement and the node are involved, the interacted information istransmitted all through operator-defined signaling interfaces.

FIG. 5 illustrates a schematic diagram of implementation of a managementnetwork element provided by an embodiment of the present disclosure whenthe management network element learns about that a handover wasperformed on an access device of a terminal. FIG. 5 illustrates anapplication situation that, after a management network element allocatesa corresponding network identifier to a terminal, a handover from anaccess device 1 to an access device 2 needs to be performed on theterminal and the two access devices belong to the same node.

In step 501, a mobile phone is accessed a network through an accessdevice 1, and when the access device 1 judges that the mobile phoneleaves the network, the access device 1 transmits indication informationthat the mobile phone will leave to a node.

Here, the indication information carries IMSI of the mobile phone whichwill leave and a private network IP address which is allocated by theaccess device 1 to the mobile phone.

In step 502, the node receives the indication information of the accessdevice 1 and starts a timer of the node to wait for access informationof the mobile phone.

In step 503, within a timed period of the timer, a handover from theaccess device 1 to an access device 2 is performed on the mobile phone,and after the authentication of an authentication server passes, theaccess device 2 allocates a new private network IP address to the mobilephone, and uses the IMSI, the new private network IP address and thelike of the mobile phone as terminal information and transmits theterminal information to the node to which the access device 2 belongs.

Here, the access device 1 and the access device 2 belong to the samenode.

In step 504, before the end of the timed period of the timer, when thenode receives the device identifier information of the mobile phonetransmitted by the access device 2, the node determines that the mobilephone is online again and closes the timer of the node to stop a timingfunction of the timer; and the node updates the private network IPaddress allocated by the access device 1 to the mobile phone in a secondmapping table to be the new private network IP address allocated by theaccess device 2 to the mobile phone.

In step 505, the node reports the new private network IP addressinformation of the mobile phone to a management network element.

In step 506, after the management network element receives theinformation, the management network element updates the private networkIP address of the mobile phone in the first mapping table to be the newprivate network IP address.

In step 507, the management network element transmits an ACK message tothe node to notify the management node that the private network IPaddress of the mobile phone has already been updated to be the newprivate network IP address.

In step 508, the node transmits an ACK message to the access device 2 tonotify the access device 2 that the mobile phone has already beensuccessfully accessed the network.

In step 509, the node transmits an ACK message to the access device 1 tonotify that the mobile phone has already left the access device 1 and ahandover to the access device 2 is performed on the mobile phone.

In the abovementioned solution, when the table entry of private networkIP address of the mobile phone does not exist in the first mappingtable, the steps 506 and 507 are omitted and the steps 508 and 509 aredirectly executed.

The above solution involves the situation that a handover from theaccess device 1 to the access device 2 is performed on the terminal andthe two access devices belong to the same node, i.e., a handover acrossthe nodes is not performed on the terminal. When a handover across thenodes is performed on the terminal, i.e., a handover from the accessdevice 1 to the access device 2 is performed on the terminal and the twoaccess devices do not belong to the same node, the management networkelement acquires a new private network IP address allocated to themobile phone by the new access device, and acquires node identifierinformation of a new node to which the mobile phone belongs; and updatesthe private network IP address of the mobile phone in the first mappingtable to be the new private network IP address, and updates the nodeidentifier information of the mobile phone in the first mapping table tobe the new node identifier information. Herein, a processing process ofperforming a handover across nodes on the terminal may be approximatelydivided into two parts, the first part is that the mobile phone isoffline at node 1 and the second part is that the mobile phone is onlineagain at node 2. Herein, the process that the mobile phone is offline atnode 1 is similar to the abovementioned description of FIG. 5; and theprocess that the mobile phone is online again at node 2 is similar tothe abovementioned description of FIG. 3, and thus no repetitivedescription is made here.

In the solution, when the management network element learns about that ahandover is performed on the access device of the terminal, themanagement network element needs to update corresponding table entriesof the terminal in the first mapping table in time but still reservesthe public network IP address or the public network IP address and theport number segment allocated to the terminal, and uses the reservedcontent as a fixed identity identifier of the terminal in the network,which facilitates the subsequent access of the terminal and alsoprovides a basis for an operator to realize tracing and networksecurity.

It needs to be stated that, in the abovementioned solution, when theinteraction between the access device and the node and the interactionbetween the management network element and the node are involved, theinteracted information is transmitted through operator-defined signalinginterfaces.

FIG. 6 illustrates a schematic diagram of a second application scenarioprovided by an embodiment of the present disclosure. In FIG. 6, thescenario may be an application scenario that a terminal and an oppositeterminal transmit a data packet by using a network identifier. Herein,the situation that the terminal is a terminal 1, the opposite terminalis a terminal 2, a node to which the terminal 1 belongs is a node 1 anda node to which the terminal 2 belongs is a node 2 is taken as anexample.

FIG. 7 illustrates a schematic diagram that a terminal transmits a datapacket in a network by using an allocated network identifier provided bythe embodiment of the present disclosure. The situation that the datapacket is transmitted by using the network identifier is furtherdescribed in combination with FIG. 6 and FIG. 7.

In step 701, the terminal 1 transmits a data packet 1 to the node 1 towhich the terminal 1 belongs, to transmit the data packet 1 to theterminal 2 through the node 1.

Here, the data packet 1 carries a source address, a source port number,a destination address and a destination port number of the data packet1. Usually, the source address is a private network IP address, and thedestination address is a public network IP address. For example, theprivate network IP address of the terminal 1, i.e., the source addressof the data packet 1 is 10.1.1.2 and the source port number is 3248.

In step 702, after the node 1 receives the data packet 1 transmitted bythe terminal 1, the node 1 searches for the network identifiercorresponding to the private network IP address of the terminal 1 in thesecond mapping table.

Here, in the first mapping table, the node 1 searches that the publicnetwork IP address corresponding to the private network IP address10.1.1.2 of the terminal 1 is 123.1.1.2 and the port number segment is[1024, 2047]. Accordingly, it can be seen that the IP address of thedata packet 1 is translated from the source address 10.1.1.2 and thesource port number 3248 into the public network IP address 123.1.1.2 andthe port number 2035, and the node records the translation relation.

In step 703, the node 1 packs the data packet and then transmits thedata packet 1 to the node 2 through a data tunnel by using the searchedpublic network IP address.

Here, the node 1 transmits the data packet 1 to the node 2 by using thepublic network IP address 123.1.1.2.

In step 704, the node 2 receives the data packet 1 through the datatunnel, and unpacks the data packet 1.

When determining that the terminal 2 is a private network user, the node2 searches for a private network IP address and a port number of theterminal corresponding to the destination address and the destinationport number of the data packet 1 in the second mapping table of the node2, and determines a terminal with the private network IP address and theport number to be the terminal 2 and transmits the data packet 1 to theterminal 2.

When determining that the terminal 2 is a public network user, otheroperations do not need to be executed again.

In step 705, the terminal 2 receives the data packet 1 from the terminal1 and transmits a response message, such as a data packet 2, of the datapacket 1 to the node 2 to return the data packet 2 to the terminal 1through the node 2.

In step 706, the node 2 receives the data packet 2.

When determining that a receiving party (terminal 1) of the data packet2 is a private network user, a public network IP address or the publicnetwork IP and a port number corresponding to the private network IPaddress of the terminal 2 is searched for in the second mapping table,and the step 707 is sequentially executed.

When determining that the receiving part of the data packet 2 is apublic network user, the data packet 2 is packed and transmitted to thepublic network user; and this process ends.

Here, since the data packet 2 is a response data packet of the datapacket 1, that is, the node 2 knows the node 1. However, when the node 2transmits a data packet 3 to the terminal 1 and does not know the nodeidentifier to which the terminal 1 belongs, the node 2 needs to transmita query request to the management network element, and the managementnetwork element uses the destination address (or the destination addressand port number) of the data packet 3 as an index to search for the nodeidentifier to which the terminal corresponding to the destinationaddress belongs, and determines the node with the node identifier to bea receiving node of the data packet 3. Herein, the data packet 3 carriesa source address and a destination address; and the source address ofthe data packet 3 is the private network IP address of the terminal 2.

In step 707, the data packet 2 is packed and the data packet 2 istransmitted to the node 1 through the data tunnel by using the searchedpublic network IP address.

In step 708, the node 1 receives the data packet 2 through the datatunnel and unpacks the data packet 2; and searches for the privatenetwork IP address and the port number of the terminal corresponding tothe destination address and the port number of the data packet 2 in thesecond mapping table, and determines the terminal with the privatenetwork IP address and the port number to be a receiving party of thedata packet 2.

In step 709, the node 1 transmits the data packet 2 to the terminal 1.

Herein, in steps 701-705, the terminal 1 is a transmitting party of thedata packet 1 and the terminal 2 is a receiving party. In steps 706-709,the terminal 2 is a transmitting party of the data packet 2 and theterminal 1 is a receiving party. No matter which is the transmittingparty and which is the receiving party, the translation from the privatenetwork IP address to the public network IP address and/or from thepublic network IP address to the private network IP address can all beperformed according to the second mapping table of the node to which theterminal belongs.

In the abovementioned solution, when the data packet is transmittedbetween the transmitting terminal and the receiving terminal, at thetransmitting party, the second mapping table of the node to which thetransmitting party belongs may be used to search for the public networkIP address corresponding to the private network IP address of thetransmitting terminal such that the data packet is transmitted in theInternet by using the public network IP address; and at the receivingparty, the second mapping table of the node to which the receivingterminal belongs may be used to search for the private network IPaddress of the terminal corresponding to the destination node (thepublic network IP address of the receiving terminal) of the data packet,and the terminal with the private network IP address is the receivingterminal, such that the transmission of the data packet is facilitatedand simultaneously the identity of the terminal is also identified.

In the abovementioned solution, when the interaction between themanagement network element and the node is involved, the interactedinformation is transmitted through operator-defined data interfaces.

FIG. 8 illustrates a schematic diagram of a first embodiment ofimplementing tracing provided by the present disclosure. As illustratedin FIG. 8, how this solution facilitates implementation of tracingperformed by an operator may be deeply understood. In addition to amanagement network element and an authentication server, communicationdevices involved in FIG. 8 further include a security monitoring system,an Internet Content Provider ICP, a tracing processor, etc.

In step 801, when a security monitoring system monitors that an eventwhich affects network security occurs, i.e., there is a terminalperforming an illegal operation in a network, the security monitoringsystem transmits a request for acquiring a to-be-traced IP address to anICP.

In step 802, the ICP returns the to-be-traced IP address at which theillegal operation occurs as a response message of the request to thesecurity monitoring system.

The to-be-traced IP address acquired by the ICP is a public network IPaddress or a public network IP address and a port number.

In step 803, the security monitoring system transmits a tracing requestto a tracing processor to acquire a terminal user account of theto-be-traced IP address.

Here, the tracing request carries the to-be-traced IP address.

In step 804, after the tracing processor receives the tracing requesttransmitted by the security monitoring system, the tracing processorinitiates a tracing address search request to a management networkelement.

Here, the tracing address search request carries the to-be-traced IPaddress.

In step 805, the management element searches for a private network IPaddress and a node identifier of a terminal corresponding to theto-be-traced IP address in the first mapping table.

Here, since the first mapping table records information such as deviceidentifiers of terminals, private network IP addresses, networkidentifiers and node identifiers to which the terminal belongs and soon, herein, one private network IP address of the terminal correspondsto one unique network identifier (public network IP address and portnumber segment), the management network element may also search forinformation such as the private IP address and the node identifier towhich the terminal belongs of the terminal corresponding to theto-be-traced IP address in the first mapping table according to theto-be-traced public network IP address and the port number.

In step 806, the management network element uses the searched privatenetwork IP address and node identifier as a response message of theto-be-traced address search request and returns the response message tothe tracing processor.

In step 807, after the tracing processor receives the response message,the tracing processor transmits a tracing request to an authenticationserver.

In step 808, the authentication server receives the tracing request, andsearches for the terminal user account used by the terminal with theprivate network IP address in the network according to the privatenetwork IP address and terminal authentication information, and uses theterminal user account information as a response message of the tracingrequest and returns the response message to the tracing processor.

In step 809, the tracing processor uses the terminal user accountinformation as a response message of the tracing request transmitted bythe security monitoring system to the tracing processor, and returns theresponse message to the security monitoring system.

In the abovementioned solution, since the management unit allocates aunique network identifier to each terminal and records information suchas device identifiers of terminals, network identifiers, private networkIP address of terminals and node identifiers to which the terminalbelongs and so on in the first mapping table, the terminal whichperforms the illegal operation may be quickly searched for according tothe network identifier based on the records in the first mapping table,and the implementation of tracing performed by the operators on theillegal terminal is facilitated. Compared with the method ofimplementing tracing by searching for a log server in the related art,by using this solution, not only can the illegal terminal be positionedin real time and the service demands be satisfied, but also the waste ofstorage resources caused by deployment of the log server to uniformlymaintain address translation logs is avoided.

FIG. 9 illustrates a schematic diagram of a second embodiment ofimplementing tracing provided by the present disclosure. As illustratedin FIG. 9, how this solution facilitates better implementation oftracing performed by an operator may be deeply understood.

In step 901, after an authentication server performs authentication on aterminal, the authentication server synchronizes terminal authenticationinformation to a management network element.

Here, the authentication information includes: a terminal user account,a password, a user type and authorities, used by the terminal.

In step 902, when a security monitoring system monitors that an eventwhich affects network security occurs, i.e., there is a terminalperforming an illegal operation in a network, the security monitoringsystem transmits a request for acquiring a to-be-traced IP address to anICP.

In step 903, the ICP returns the to-be-traced IP address at which theillegal operation occurs as a response message of the request to thesecurity monitoring system.

Usually, the to-be-traced IP address acquired by the ICP is a publicnetwork IP address or a public network IP address and a port number.

In step 904, the security monitoring system transmits a tracing requestto a tracing processor to acquire a terminal user account of theto-be-traced IP address.

Here, the tracing request carries the to-be-traced IP address.

In step 905, after the tracing processor receives the tracing requesttransmitted by the security monitoring system, the tracing processorinitiates a tracing address search request to the management networkelement.

Here, the tracing address search request carries the to-be-traced IPaddress.

In step 906, the management element searches for a device identifier ofa terminal corresponding the to-be-traced IP address in the firstmapping table; and searches for a terminal user account used by theterminal with the device identifier in pre-synchronized terminalauthentication information according to the device identifier.

In step 907, the management network element uses the searched privatenetwork IP address and node identifier as a response message of theto-be-traced address search request and returns the response message tothe tracing processor.

In step 908, the tracing processor users the terminal user accountinformation as a response message of the tracing request transmitted bythe security monitoring system to the tracing processor, and returns theresponse message to the security monitoring system.

In the abovementioned solution, the authentication server synchronizesthe terminal authentication information including the terminal useraccount to the management network element. When terminal tracing isimplemented, the management network element may search for thecorresponding device identifier through the to-be-traced IP address, andthen searches for the user account of the to-be-traced terminal by usingthe device identifier. Through the pre-synchronization of theauthentication information, quick tracing and positioning may berealized, and the searching time is saved and the demands of operatorsin aspects such as tracing and security are satisfied.

The embodiment of the present disclosure further provides a computerstorage medium t storing computer-executable instructions therein, andthe computer-executable instructions are used for executing theaforementioned method for acquiring the identifier of the terminal inthe network.

The embodiment of the present disclosure further provides a managementnetwork element. FIG. 10 illustrates a schematic diagram of componentsof a management network element provided by the embodiment of thepresent disclosure. As illustrated in FIG. 10, the network elementincludes: a first acquisition unit 101 and a first allocation unit 102,herein,

the first acquisition unit 101 is arranged to acquire a deviceidentifier of a current terminal which is registered in a network,herein, the current terminal is a mobile user; and

the first allocation unit 102 is arranged to allocate a correspondingnetwork identifier to the current terminal according to the deviceidentifier of the current terminal such that the current terminaltransmits data in the network by using the allocated network identifier.Herein, the network identifier is a fixed public network InternetProtocol IP address or a fixed public network IP address and port numbersegment, allocated to the current terminal.

In the solution, the first allocation unit 102 is further arranged tosearch to determine whether there is the public network IP address orthe public network IP address and the port number segment correspondingto the device identifier of the current terminal in a preconfiguredfirst mapping table; when the public network IP address or the publicnetwork IP address and the port number segment is searched for, allocatethe searched public network IP address or public network IP address andport number segment to the current terminal; and when the public networkIP address or the public network IP address and the port number segmentis not searched for, select an idle public network IP address, or anidle public network IP address and an idle port number segment, or anon-idle public network IP address and an idle port number segment as anetwork identifier of the current terminal, and allocate the networkidentifier to the current terminal. Herein, the first mapping tablerecords a corresponding relation between terminal device identifiers andnetwork identifiers.

Herein, the first acquisition unit 101 is further arranged to acquireidentifier information of a node to which the current terminal belongs,and add the node identifier information to the first mapping table; or,

acquire a private network IP address allocated to the current terminalby an access device which the current terminal is accessed andidentifier information of a node to which the current terminal belongs,and add the private network IP address and the node identifierinformation to the first mapping table.

As illustrated in FIG. 10, the network element further includes:

a first deletion unit 103 arranged to, when learning about that thecurrent terminal left the network, delete the node identifierinformation, or the private network IP address and the node identifierinformation corresponding to the identifier of the current terminal inthe first mapping table;

a first updating unit 104 arranged to, when learning about that ahandover from the access device to a new access device was performed onthe current terminal and the two access devices belong to the same node,acquire a new private network IP address allocated to the currentterminal by the new access device, and update the private network IPaddress of the current terminal in the first mapping table to be the newprivate network IP address; and

a second updating unit 105 arranged to, when learning about that ahandover from the access device to a new access device was performed onthe current terminal and the two access devices do not belong to thesame node, acquire a new private network IP address allocated to thecurrent terminal by the new access device, and acquire node identifierinformation of a new node to which the current terminal belongs; andupdate the private network IP address of the current terminal in thefirst mapping table to be the new private network IP address, and updatethe node identifier information of the current terminal in the firstmapping table to be the new node identifier information.

As illustrated in FIG. 10, the network element further includes:

a first receiving unit 106 arranged to receive a tracing address searchrequest which carries a to-be-traced IP address;

a first searching unit 107 arranged to search for a private network IPaddress or the private network IP address and a node identifier of aterminal corresponding to the to-be-traced IP address; and

a first transmission unit 108 arranged to use the private network IPaddress or the private network IP address and the node identifierinformation as a response message of the tracing address search request,and transmit the response message;

or, the first receiving unit 106 arranged to receive a tracing addresssearch request which carries a to-be-traced IP address;

the first searching unit 107 arranged to search for a terminal deviceidentifier corresponding to the to-be-traced IP address in the firstmapping table, and then search for a terminal user account correspondingto the terminal device identifier in pre-synchronized terminalauthentication information; and

the first transmission unit 108 arranged to use the terminal useraccount information as a response message of the tracing address searchrequest, and transmit the response message, herein, the to-be-traced IPaddress is the public network IP address or the public network IPaddress and the port number.

As illustrated in FIG. 10, the network element further includes:

a second receiving unit 109 arranged to receive a query request, hereinthe query request is transmitted by the node when the node does notlearn about identifier information of the node used for receiving firstdata when the current terminal transmits the first data;

a second searching unit 110 arranged to search for an identifier of anode to which a terminal corresponding to a destination address of thefirst data belongs in the first mapping table; and

a second transmission unit 111 arranged to transmit the node identifierinformation to the node.

One skilled in the art shall understand that the implementing functionof each processing unit in the management network element illustrated inFIG. 10 may be understood by referring the relevant description of theaforementioned method for acquiring the identifier of the terminal inthe network. One skilled in the art shall understand that the functionof each processing unit in the management network element illustrated inFIG. 10 may be implemented through a program which runs on a processorand may also be implemented through a specific logic circuit.

In actual application, the first acquisition unit 101, the firstallocation unit 102, the first deletion unit 103, the first updatingunit 104, the second updating unit 105, the first receiving unit 106,the first searching unit 107, the first transmission unit 108, thesecond receiving unit 109, the second searching unit 110 and the secondtransmission unit 111 may all be implemented by a Central ProcessingUnit CPU, or a Digital Signal Processor DSP, or a Micro Processing UnitMPU, or a Field Programmable Gate Array FPGA, etc.

One skilled in the art shall understand that the embodiments of thepresent disclosure may be provided in the form of methods, systems orcomputer program products. Therefore, the present disclosure may adoptthe form of hardware embodiments, software embodiments or combinedsoftware and hardware embodiments. In addition, the present disclosuremay adopt the form of computer program products implemented based on oneor more of computer usable memory media (including but not limited todisk memories and optical memories, etc.) containing computer usableprogram codes therein.

The present disclosure is described by referring to flowcharts and/orblock diagrams of the method, the device (system) and the computerprogram products according to the embodiments of the present disclosure.It should be understood that each process and/or block in the flowchartsand/or block diagrams and combinations of processes and/or blocks in theflowcharts and/or block diagrams may be implemented through computerprogram instructions. These computer program instructions may beprovided to processors of general-purpose computers, special-purposecomputers, embedded processors or other programmable data processingdevices to produce a machine, such that instructions executed throughprocessors of computers or other programmable data processing devicesproduce apparatuses for implementing functions designated in one processor more processes of the flowcharts and/or one block or more blocks ofthe block diagrams.

These computer program instructions may also be stored incomputer-readable memories which can guide computers or otherprogrammable data processing devices to work in a specific manner, suchthat the instructions stored in the computer-readable memories producemanufactures including instruction apparatuses, and the instructionapparatuses realize functions designated in one process or moreprocesses in the flowcharts and/or one block or more blocks in the blockdiagrams.

These computer program instructions may also be loaded to computers orother programmable data processing devices, such that a series ofoperation steps are executed on the computers or other programmabledevices to form the processing realized by the computers, such that theinstructions which are executed on the computers or other programmabledevices provide steps for realizing functions designated in one processor more processes in the flowcharts and/or one block or more blocks inthe block diagrams.

What are described above are just alternative embodiments of the presentdisclosure and are not used for limiting the protection scope of thepresent disclosure.

INDUSTRIAL APPLICABILITY

In the embodiments of the present disclosure, a device identifier of acurrent terminal which is registered in a network is acquired; and acorresponding network identifier is allocated to the current terminalaccording to the device identifier of the current terminal such that thecurrent terminal transmits data in the network by using the allocatednetwork identifier. Herein, the network identifier is a fixed publicnetwork IP address allocated to the current terminal or the a fixedpublic network IP address and the port number segment, allocated to thecurrent terminal, and the fixed identity of the mobile user can beidentified in the network to satisfy the demands of operators in aspectssuch as tracing and security and so on.

What is claimed is:
 1. A method for acquiring an identifier of aterminal in a network, comprising: acquiring a device identifier of acurrent terminal which is registered in a network, wherein the currentterminal is a mobile user; and allocating a corresponding networkidentifier to the current terminal according to the device identifier ofthe current terminal such that the current terminal transmits data inthe network by using the allocated network identifier; wherein, thenetwork identifier is a fixed public network Internet Protocol, IP,address or a fixed public network IP address and port number segment,allocated to the current terminal.
 2. The method according to claim 1,wherein, said allocating a corresponding network identifier to thecurrent terminal according to the device identifier of the currentterminal comprises: searching to determine whether there is the publicnetwork IP address or the public network IP address and the port numbersegment, corresponding to the device identifier of the current terminal,in a preconfigured first mapping table; allocating the searched publicnetwork IP address or public network IP address and port number segmentto the current terminal when the public network IP address or the publicnetwork IP address and the port number segment is searched for; andselecting an idle public network IP address, or an idle public networkIP address and an idle port number segment, or a non-idle public networkIP address and an idle port number segment as a fixed network identifierof the current terminal to allocate to the current terminal when thepublic network IP address or the public network IP address and portnumber segment is not searched for; wherein, the first mapping tablerecords a corresponding relation between terminal device identifiers andnetwork identifiers.
 3. The method according to claim 2, wherein, themethod further comprises: acquiring identifier information of a node towhich the current terminal belongs, and adding the node identifierinformation to the first mapping table; or, acquiring a private networkIP address allocated to the current terminal by an access device whichthe current terminal is accessed and the identifier information of thenode to which the current terminal belongs, and adding the privatenetwork IP address and the node identifier information to the firstmapping table.
 4. The method according to claim 3, wherein, after addingthe node identifier information to the first mapping table or adding theprivate network IP address and the node identifier information to thefirst mapping table, the method further comprises: when learning aboutthat the current terminal left the network, deleting the node identifierinformation, or the private network IP address and the node identifierinformation corresponding to an identifier of the current terminal inthe first mapping table; when learning about that a handover from theaccess device to a new access device was performed on the currentterminal and the two access devices belong to a same node, acquiring anew private network IP address allocated to the current terminal by thenew access device, and updating the private network IP address of thecurrent terminal in the first mapping table to be the new privatenetwork IP address; and when learning about that a handover from theaccess device to a new access device was performed on the currentterminal and the two access devices do not belong to a same node,acquiring a new private network IP address allocated to the currentterminal by the new access device, acquiring node identifier informationof a new node to which the current terminal belongs; and updating theprivate network IP address of the current terminal in the first mappingtable to be the new private network IP address, and updating the nodeidentifier information of the current terminal in the first mappingtable to be the new node identifier information.
 5. The method accordingto claim 3, wherein, the method further comprises: when receiving atracing address search request which carries a to-be-traced IP address,searching for a private network IP address or the private network IPaddress and a node identifier of a terminal corresponding to theto-be-traced IP address in the first mapping table, and using theprivate network IP address or the private network IP address and thenode identifier information as a response message of the tracing addresssearch request, and transmitting the response message; or, whenreceiving the tracing address search request which carries theto-be-traced IP address, searching for a terminal device identifiercorresponding to the to-be-traced IP address in the first mapping table;and then searching for a terminal user account corresponding to theterminal device identifier in pre-synchronized terminal authenticationinformation, using the terminal user account information as the responsemessage of the tracing address search request, and transmitting theresponse message; wherein, the to-be-traced IP address is a publicnetwork IP address or a public network IP address and a port number. 6.The method according to claim 3, wherein, the method further comprises:a management network element transmitting the network identifierallocated to the current terminal to the node to which the currentterminal belongs such that the node forms a second mapping table,wherein the second mapping table records a corresponding relation amongthe device identifier, the network identifier and the private network IPaddress of the current terminal; and correspondingly, the currentterminal transmitting data in the network by using the allocated networkidentifier comprises: when the node acquires first data from the currentterminal, acquiring the private network IP address of the currentterminal, and searching for the network identifier corresponding to theprivate network IP address in the second mapping table; when the nodelearns about identifier information of a node used for receiving thefirst data, determining the node used for receiving the first data; whenthe node does not learn about the identifier information of the nodeused for receiving the first data, transmitting a query request to themanagement network element, and the management network element receivingthe query request, searching for an identifier of a node to which aterminal corresponding to a destination address of the first databelongs in the first mapping table, and transmitting the searched nodeidentifier; and the node receiving the node identifier searched for bythe management network element, and determining a node with the nodeidentifier as the node used for receiving the first data; and the nodetransmitting the first data to the determined node used for receivingthe first data through a data tunnel by using the network identifiersearched for by the node.
 7. A management network element, comprising: afirst acquisition unit, arranged to acquire a device identifier of acurrent terminal which is registered in a network, wherein the currentterminal is a mobile user; and a first allocation unit, arranged toallocate a corresponding network identifier to the current terminalaccording to the device identifier of the current terminal such that thecurrent terminal transmits data in the network by using the allocatednetwork identifier; wherein, the network identifier is a fixed publicnetwork Internet Protocol, IP, address or a fixed public network IPaddress and port number segment, allocated to the current terminal. 8.The management network element according to claim 7, wherein, the firstallocation unit is further arranged to: search to determine whetherthere is the public network IP address or the public network IP addressand the port number segment corresponding to the device identifier ofthe current terminal in a preconfigured first mapping table; when thepublic network IP address or the public network IP address and the portnumber segment is searched for, allocate the searched public network IPaddress or public network IP address and port number segment to thecurrent terminal; and when the public network IP address or the publicnetwork IP address and the port number segment is not searched for,select an idle public network IP address, or an idle public network IPaddress and an idle port number segment, or a non-idle public network IPaddress and an idle port number segment as a fixed network identifier ofthe current terminal to allocate to the current terminal; wherein, thefirst mapping table records a corresponding relation between terminaldevice identifiers and network identifiers.
 9. The management networkelement according to claim 8, wherein, the first acquisition unit isfurther arranged to: acquire identifier information of a node to whichthe current terminal belongs, and add the node identifier information tothe first mapping table; or, acquire a private network IP addressallocated to the current terminal by an access device which the currentterminal is accessed and the identifier information of the node to whichthe current terminal belongs, and add the private network IP address andthe node identifier information to the first mapping table.
 10. Themanagement network element according to claim 9, wherein, the managementnetwork element further comprises: a first deletion unit arranged to,when learning about that the current terminal left the network, deletethe node identifier information, or the private network IP address andthe node identifier information corresponding to an identifier of thecurrent terminal in the first mapping table; a first updating unitarranged to, when learning about that a handover from the access deviceto a new access device was performed on the current terminal and the twoaccess devices belong to a same node, acquire a new private network IPaddress allocated to the current terminal by the new access device, andupdate the private network IP address of the current terminal in thefirst mapping table to be the new private network IP address; and asecond updating unit arranged to, when learning about that a handoverfrom the access device to a new access device was performed on thecurrent terminal and the two access devices do not belong to a samenode, acquire the new private network IP address allocated to thecurrent terminal by the new access device, acquire node identifierinformation of a new node to which the current terminal belongs, updatethe private network IP address of the current terminal in the firstmapping table to be the new private network IP address, and update thenode identifier information of the current terminal in the first mappingtable to be the new node identifier information.
 11. The managementnetwork element according to claim 9, wherein, the management networkelement further comprises: a first receiving unit arranged to receive atracing address search request which carries a to-be-traced IP address;a first searching unit arranged to search for a private network IPaddress or the private network IP address and a node identifier of aterminal corresponding to the to-be-traced IP address; and a firsttransmission unit arranged to use the private network IP address or theprivate network IP address and the node identifier information as aresponse message of the tracing address search request, and transmit theresponse message; or, the first receiving unit arranged to receive thetracing address search request which carries the to-be-traced IPaddress; the first searching unit arranged to search for a terminaldevice identifier corresponding to the to-be-traced IP address in thefirst mapping table, and then search for a terminal user accountcorresponding to the terminal device identifier in pre-synchronizedterminal authentication information; and the first transmission unitarranged to use the terminal user account information as the responsemessage of the tracing address search request, and transmit the responsemessage, wherein, the to-be-traced IP address is a public network IPaddress, or a public network IP address and a port number.
 12. Themanagement network element according to claim 9, wherein, the managementnetwork element further comprises: a second receiving unit arranged toreceive a query request, wherein the query request is transmitted by thenode when the node does not learn about identifier information of a nodeused for receiving first data when the current terminal transmits thefirst data; a second searching unit arranged to search for an identifierof the node to which a terminal corresponding to a destination addressof the first data belongs in the first mapping table; and a secondtransmission unit arranged to transmit the node identifier information.13. A computer storage medium storing computer-executable instructionstherein, wherein the computer-executable instructions are used forexecuting the method according to claim
 1. 14. A computer storage mediumstoring computer-executable instructions therein, wherein thecomputer-executable instructions are used for executing the methodaccording to claim
 2. 15. A computer storage medium storingcomputer-executable instructions therein, wherein thecomputer-executable instructions are used for executing the methodaccording to claim
 3. 16. A computer storage medium storingcomputer-executable instructions therein, wherein thecomputer-executable instructions are used for executing the methodaccording to claim
 4. 17. A computer storage medium storingcomputer-executable instructions therein, wherein thecomputer-executable instructions are used for executing the methodaccording to claim
 5. 18. A computer storage medium storingcomputer-executable instructions therein, wherein thecomputer-executable instructions are used for executing the methodaccording to claim 6.